Cyrus IMAPD version: 2.3.16 ( using a compiled source version )
My problem seems to be with the sasl authentication frontend auth with mupdate - Ok mupdate auth with frontend - Ok frontend auth with backend - ??? ------------------------------------------------------------------ My /etc/saslauthd.conf ldap_servers: ldap://ldap.intranet ldap_auth_method: bind ldap_referrals: no ldap_search_base: dc=domain1,dc=com ldap_verbose: on ldap_debug: 6 Tested with testsaslauthd and postfix. -------------------------------------------------------------------- In Frontend: # Mupdate mupdate_server: mupdate.intranet mupdate_username: cyrmaster mupdate_authname: cyrmaster mupdate_password: data # Backend User proxy_authname: cyrmaster proxy_password: data # Administrator admins: cyrmaster # SASL sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowplaintext: yes sasl_minimum_layer: 0 sasl_auto_transition: no ----------------------------------------------------- In Backend: # Mupdate mupdate_server: mupdate.intranet mupdate_username: cyrmaster mupdate_authname: cyrmaster mupdate_password: data # Backend User proxyservers: cyrmaster # Administrator admins: cyrmaster # SASL sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowplaintext: yes sasl_minimum_layer: 0 sasl_auto_transition: no ---------------------------------------------------------------------------------------- When i connect in frontend and create a mailbox: cyradm --user cyrmaster frontend frontend> cm user/bob backend1 in backend log: Jul 14 23:48:34 backend1 saslauthd[6837]: ldap_simple_bind() failed -1 (Can't contact LDAP server). Jul 14 23:48:34 backend1 saslauthd[6837]: Retrying authentication Jul 14 23:48:34 backend1 imap[7042]: auxpropfunc error invalid parameter supplied Jul 14 23:48:34 backend1 imap[7042]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb But mailbox is created. When setacl is used: frontend> sam user/bob cyrmaster all In backend log: ul 14 23:52:45 backend1 imap[7050]: auxpropfunc error invalid parameter supplied Jul 14 23:52:45 backend1 imap[7050]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb Jul 14 23:52:45 backend1 imap[7042]: No worthy mechs found Jul 14 23:52:45 backend1 imap[7051]: auxpropfunc error invalid parameter supplied Jul 14 23:52:45 backend1 imap[7051]: _sasl_plugin_load 1ailed on sasl_auxprop_plug_init for plugin: ldapdb --------------------------------------------------------------------------------------------------------------------------------------------------------------------- when try to reconstruct a mailbox: frontend> reconstruct user/bob Jul 15 00:09:53 uxrjo700 saslauthd[6841]: Authentication failed for cyrmaster: Bind to ldap server failed (invalid user/password or insufficient access) (-7) Jul 15 00:09:53 uxrjo700 saslauthd[6841]: do_auth : auth failure: [user=cyrmaster] [service=imap] [realm=] [mech=ldap] [reason=Unknown] Jul 15 00:09:59 uxrjo700 imap[7116]: auxpropfunc error invalid parameter supplied Jul 15 00:09:59 uxrjo700 imap[7116]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb I don' configure sasl plugin: ldapdb in imapd.conf , why this plugin is called ? .sasl_pwcheck_method: saslauthd is not sufficient for all operations ? I need to configure some ldapdb parameter ?? I don' configure any TLS certificate is necessary to configure a TLS certificate ? Even when PLAIN password is used ? With means "No worthy mechs found" ? I thank in advance for any help Regards Zinato On Tue, Jul 13, 2010 at 8:24 PM, Lucas Zinato Carraro <luca...@gmail.com>wrote: > > > cyradm --user cyrmas...@domain1.com frontend.domain.com > Password: > frontend.domain.com> > > frontend.domain.com> > > frontend.domain.com> cm user/test backend1.intranet --- OK > > frontend.domain.com> lm user/test > user/testepermissao (\HasNoChildren) > > frontend.domain.com> info > user/testepermissao > {user/test}: > server: backend1.intranet > correio.dataprev.gov.br> sam user/test cyrmas...@domain1.com all > setaclmailbox: cyrmas...@domain1.com: lrswipkxtea: Server(s) unavailable > to complete operation > > > --------------------------------------------------------------------------------------------------------------- > > Problem when set ACLs and QUOTA, but CREATE is OK > > Using SASLAUTH with LDAP Server. > > > -------------------------------------------------------------------------------------------------- > Configuration in frontend.domain.com > > ............................................ > # Administrator > admins: cyrmas...@domain1.com cyrmas...@domain2.com > > # Mupdate > mupdate_server: mupdate.intranet > mupdate_authname: mupdateuser > mupdate_password: password > > # Backend User > proxy_authname: backenduser > proxy_password: password1 > backend1_password: password1 > > > ------------------------------------------------------------------------------------------------------ > Configuration in backend1.intranet > > ............................ > # Mupdate > mupdate_server: mupdate.intranet > mupdate_authname: mupdateuser > mupdate_password: password > > # Backend User > proxyservers: backendu...@intranet backendu...@domain1.com > backendu...@domain2.com > > # Administrador > admins: cyrmas...@domain1.com cyrmas...@domain2.com > > > > ------------------------------------------------------------------------------------------------------ > Configuration in mupdate.intranet > > .............. > > > # Backend User > proxy_authname: backenduser > proxy_password: password1 > > # Administrator > admins: mupdateuser mupdateu...@intranet backenduser > backendu...@domain1.com backendu...@domain2.com > > > > ---------------------------------------------------------------------------------------------------------- > > When i use this command i see in backend : > > Jul 13 19:52:34 backend1 imap[30484]: login: > frontend.domain.com[192.168.136.151] > cyrmas...@domain1.com PLAIN User logged in > Jul 13 19:52:34 backend1 imap[30484]: fetching user_deny.db entry for ' > cyrmas...@domain1.com' > Jul 13 19:52:34 backend1 imap[30478]: accepted connection > Jul 13 19:52:34 backend1 imap[30484]: couldn't authenticate to backend > server: no mechanism available > > > Any help ? > > > Another question is: When i transfer a mailbox from backend1 to backend2 > , backend1 auth in backend2 with > the user that request action ( in my example cyrmas...@domain1.com ) or > with proxy_authname( backendu...@domain1.com ) ? > > > > Thanks for any help > > Regards > > Zinato > > > > > >
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html